Merge pull request #13616 from giuseppe/passwd-entry

run, create: add --passwd-entry

3 files changed, 34 insertions, 0 deletions

diff --git a/libpod/container_config.go b/libpod/container_config.go
index ea644764c..8500c6db9 100644
--- a/libpod/container_config.go
+++ b/libpod/container_config.go
@@ -404,6 +404,8 @@ type ContainerMiscConfig struct {
 	// InitContainerType specifies if the container is an initcontainer
 	// and if so, what type: always or once are possible non-nil entries
 	InitContainerType string `json:"init_container_type,omitempty"`
+	// PasswdEntry specifies arbitrary data to append to a file.
+	PasswdEntry string `json:"passwd_entry,omitempty"`
 }
 
 // InfraInherit contains the compatible options inheritable from the infra container
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index 11ca169ca..9369b746c 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -2724,6 +2724,9 @@ func (c *Container) userPasswdEntry(u *user.User) (string, error) {
 	if !hasHomeSet {
 		c.config.Spec.Process.Env = append(c.config.Spec.Process.Env, fmt.Sprintf("HOME=%s", homeDir))
 	}
+	if c.config.PasswdEntry != "" {
+		return c.passwdEntry(u.Username, u.Uid, u.Gid, u.Name, homeDir), nil
+	}
 
 	return fmt.Sprintf("%s:*:%s:%s:%s:%s:/bin/sh\n", u.Username, u.Uid, u.Gid, u.Name, homeDir), nil
 }
@@ -2775,9 +2778,25 @@ func (c *Container) generateUserPasswdEntry(addedUID int) (string, int, int, err
 			gid = group.Gid
 		}
 	}
+
+	if c.config.PasswdEntry != "" {
+		entry := c.passwdEntry(fmt.Sprintf("%d", uid), fmt.Sprintf("%d", uid), fmt.Sprintf("%d", gid), "container user", c.WorkingDir())
+		return entry, int(uid), gid, nil
+	}
+
 	return fmt.Sprintf("%d:*:%d:%d:container user:%s:/bin/sh\n", uid, uid, gid, c.WorkingDir()), int(uid), gid, nil
 }
 
+func (c *Container) passwdEntry(username string, uid, gid, name, homeDir string) string {
+	s := c.config.PasswdEntry
+	s = strings.Replace(s, "$USERNAME", username, -1)
+	s = strings.Replace(s, "$UID", uid, -1)
+	s = strings.Replace(s, "$GID", gid, -1)
+	s = strings.Replace(s, "$NAME", name, -1)
+	s = strings.Replace(s, "$HOME", homeDir, -1)
+	return s + "\n"
+}
+
 // generatePasswdAndGroup generates container-specific passwd and group files
 // iff g.config.User is a number or we are configured to make a passwd entry for
 // the current user or the user specified HostsUsers
diff --git a/libpod/options.go b/libpod/options.go
index 2e5454393..6c4b4cc42 100644
--- a/libpod/options.go
+++ b/libpod/options.go
@@ -2051,3 +2051,16 @@ func WithChrootDirs(dirs []string) CtrCreateOption {
 		return nil
 	}
 }
+
+// WithPasswdEntry sets the entry to write to the /etc/passwd file.
+func WithPasswdEntry(passwdEntry string) CtrCreateOption {
+	return func(ctr *Container) error {
+		if ctr.valid {
+			return define.ErrCtrFinalized
+		}
+
+		ctr.config.PasswdEntry = passwdEntry
+
+		return nil
+	}
+}